
Noninterference with Dynamic Security Domains and Policies [chapter]

Robert Grabowski, Lennart Beringer
2009 Lecture Notes in Computer Science  
and the effective security policy.  ...  Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy.  ...  With a single proof, programs can be shown secure for any object domains and security policies.  ... 
doi:10.1007/978-3-642-10622-4_5 fatcat:jvponhn275hqnhl6m5lbzol6ym

Security Protection Technology of Cyber-Physical Systems

Hong Ye
2015 International Journal of Security and Its Applications  
Based on computation and network technology, Cyber-Physical Systems (CPS) has achieved rapid growth but it is faced with increasingly serious security problems and needs targeted security protection technologies  ...  Considering the characteristics of the typical architecture of CPS, this paper integrates the analytical method of information flow based on the noninterference theory and proposes the security protection  ...  and 3132014093.  ... 
doi:10.14257/ijsia.2015.9.2.15 fatcat:4laprffadrd4bjiwlovsfh6f2a

Unwinding Conditional Noninterference [article]

Chenyi Zhang
2010 arXiv pre-print
Our new policies subsume the policies of both transitive and intransitive noninterference, and support dynamic requirements such as upgrading and downgrading.  ...  In the literature this notion has been well studied as transitive noninterference and intransitive noninterference.  ...  For example, one may define a policy ⊆ {A, B, C} × {A, B, C} for a system with three security domains, such that domain A is allowed to send information to domain B by A B (i.e., (A, B) ∈ ), and that domain  ... 
arXiv:1003.3893v1 fatcat:ayujtzhkmzdhpfqfya2vc4bmm4

Security policies for downgrading

Stephen Chong, Andrew C. Myers
2004 Proceedings of the 11th ACM conference on Computer and communications security - CCS '04  
These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition.  ...  This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation.  ...  Acknowledgments Thanks to Andrei Sabelfeld and Steve Zdancewic for suggestions about declassification policies, and Michael Clarkson, Nate Nystrom, Riccardo Pucella, Lantian Zheng, and the anonymous reviewers  ... 
doi:10.1145/1030083.1030110 dblp:conf/ccs/ChongM04 fatcat:xtnq3aqow5azfcdpz2bx25sizm

A Model-Driven Approach to Noninterference

Kurt Stenzel, Kuzman Katkalov, Marian Borek, Wolfgang Reif
2014 Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications  
Stenzel, Katkalov, Borek and Reif Figure 5: Original security policy (on the left) and new policy with an additional domain for implicit declassification (on the right).  ...  Together with the properties and a security policy (Fig. 5) a formal specification can be generated as well.  ... 
doi:10.22667/jowua.2014.09.31.030 dblp:journals/jowua/StenzelKBR14 fatcat:ur26bt4terd3znbfmcj56fqp2m

Dynamic Intransitive Noninterference Revisited [article]

Sebastian Eggert, Ron van der Meyden
2016 arXiv pre-print
The paper studies dynamic information flow security policies in an automaton-based model.  ...  Two semantic interpretations of such policies are developed, both of which generalize the notion of TA-security [van der Meyden ESORICS 2007] for static intransitive noninterference policies.  ...  Then for any dynamic security policy with M ≤ , the system M is both ta ♦ -secure and ta -secure with respect to . Proof: Immediate from Theorem 6.1 using Proposition 2 and Proposition 3.  ... 
arXiv:1601.05187v1 fatcat:bs65shhnwbag3ekwajxcbbzle4

Declassification: Dimensions and principles

Andrei Sabelfeld, David Sands, J.D. Guttman
2009 Journal of Computer Security  
While the security community has recognised the importance of the problem, the state-of-the-art in information release is, unfortunately, a number of approaches with somewhat unconnected semantic goals  ...  A principal security concern for systems permitting information release is whether this release is safe: is it possible that the attacker compromises the information release mechanism and extracts more  ...  Myers and Pablo Giambiagi for fruitful discussions.  ... 
doi:10.3233/jcs-2009-0352 fatcat:c6ngeq6bbrgnvfdc6r3jjqz77a

What You Lose is What You Leak: Information Leakage in Declassification Policies

Anindya Banerjee, Roberto Giacobazzi, Isabella Mastroeni
2007 Electronic Notes in Theoretical Computer Science
the information released by the policy and (b) Check whether program execution may release more information than what is permitted by the policy by completing the finite abstract domain wrt. weakest liberal  ...  Subsequently the policy can be refined so that the least amount of confidential information necessary for making the program secure is declassified.  ...  These restrictions can be modeled as abstract domains, and therefore by means of abstract noninterference policies.  ... 
doi:10.1016/j.entcs.2007.02.027 fatcat:ujlp7mzl25g5fb5naqb2y4dmlu

Verified Enforcement of Security Policies for Cross-Domain Information Flows

Nikhil Swamy, Michael Hicks, Simon Tsang
2007 MILCOM 2007 - IEEE Military Communications Conference  
In order to specify and enforce expressive and fine-grained policies, we advocate dynamically associating security labels with sensitive entities.  ...  We describe work in progress that uses program analysis to show that security-critical programs, such as cross-domain guards, correctly enforce cross-domain security policies.  ...  We have formalized the use of roles as security labels in an SOPL that supports dynamic policy updates [6].  ... 
doi:10.1109/milcom.2007.4455189 fatcat:7kfgqxjdkrhvxl3xmgugldhk4i

Noninterference via Symbolic Execution [chapter]

Dimiter Milushev, Wim Beck, Dave Clarke
2012 Lecture Notes in Computer Science  
Noninterference can be enforced statically using information flow type systems; however, these are criticized for being overly conservative and rejecting secure programs.  ...  In this work we propose a novel, alternative approach: utilizing symbolic execution in combination with ideas from program logics in an attempt to increase the precision of analyses and automate noninterference  ...  We would like to thank Dries Vanoverberghe for very insightful and valuable comments on a late draft of the paper and Tatyana Doktorova for many helpful suggestions on the presentation.  ... 
doi:10.1007/978-3-642-30793-5_10 fatcat:7i2esiblpff25hkarstnluckli

Characterizing intransitive noninterference for 3-domain security policies with observability

N.B. Hadj-Alouane, S. Lafrance, Feng Lin, J. Mullins, M. Yeddes
2005 IEEE Transactions on Automatic Control  
Our approach can be used for all systems/protocols with three domains or levels, which is sufficient for most noninterference problems for cryptographic protocols and systems.  ...  INI property is widely used in formal verification of security problems in computer systems and protocols.  ...  of security policies.  ... 
doi:10.1109/tac.2005.850643 fatcat:vvdvxqhbmbbn3dhwcfcfzi3p4q

CookiExt: Patching the browser against session hijacking attacks

Michele Bugliesi, Stefano Calzavara, Riccardo Focardi, Wilayat Khan
2015 Journal of Computer Security  
With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network  ...  To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags.  ...  Cookies, in turn, are ranged over by c and defined as records with six fields: a name, a value, a domain, a path, and two boolean flags secure and httponly.  ... 
doi:10.3233/jcs-150529 fatcat:oh3myqbcnrfhdhz2k4tevmlwg4

Reasoning About Information Flow Security of Separation Kernels with Channel-based Communication [article]

Yongwang Zhao, David Sann, Fuyuan Zhang, Yang Liu
2015 arXiv pre-print
This paper presents the first effort to formally specify and verify separation kernels with ARINC 653 channel-based communication.  ...  We provide a reusable formal specification and security proofs for separation kernels in Isabelle/HOL.  ...  Basic Components According to Fig. 1, basic components include security domains, security policies and communication components.  ... 
arXiv:1510.05091v1 fatcat:dafdhql3rrc7rhxmmjj4gpxtrq

Position paper

Xun Li, Vineeth Kashyap, Jason K. Oberg, Mohit Tiwari, Vasanth Ram Rajarathinam, Ryan Kastner, Timothy Sherwood, Ben Hardekopf, Frederic T. Chong
2013 Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security - PLAS '13  
Sapper addresses this problem by enabling flexible and efficient hardware design that is provably secure with respect to a given information flow policy.  ...  Sapper uses a hybrid approach that leverages unique language features and static analysis to determine a set of dynamic checks that are automatically inserted into the hardware design.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2465106.2465214 dblp:conf/pldi/0001KOTRKSHC13 fatcat:v5mwy4pquzdj5bjo5564tir4yi

Understanding and Enforcing Opacity

Daniel Schoepe, Andrei Sabelfeld
2015 2015 IEEE 28th Computer Security Foundations Symposium  
We present a framework for opacity and explore its key differences and formal connections with such well-known information-flow models as noninterference, knowledge-based security, and declassification  ...  This paper puts a spotlight on the specification and enforcement of opacity, a security policy for protecting sensitive properties of system behavior.  ...  Acknowledgments: This work was funded by the European Community under the ProSecuToR and WebSand projects and the Swedish research agencies SSF and VR.  ... 
doi:10.1109/csf.2015.41 dblp:conf/csfw/SchoepeS15 fatcat:orel3lewbbg5zkb6kwpogib7b4